secure_mailing_spec.rb 14 KB

  1. # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/
  2. require 'rails_helper'
  # System spec for the sign/encrypt controls of the ticket create form, run
  # against the PGP integration, the S/MIME integration and both together.
  #
  # The examples assert on three things: the active state of the form's
  # sign/encrypt buttons, the 'Signed'/'Encrypted' labels in the article meta
  # section, and the `success` flags stored in the created article's
  # `preferences['security']`.
  # NOTE(review): nothing in this file inspects the outgoing message itself;
  # whether the mail is really signed/encrypted is presumably covered by
  # lower-level specs - confirm.
  RSpec.describe 'Ticket create > Secure mailing', authenticated_as: :authenticate, type: :system do
    # Referenced by the `authenticated_as: :authenticate` metadata above.
    # Evaluates `integration_settings` first (each context defines it as a
    # series of `Setting.set` calls) and then returns `current_user`.
    def authenticate
      integration_settings
      current_user
    end

    # Opens the ticket create form, applies `template` inside the active
    # content area and then runs the optional block in that same scope.
    def with_templated_create_form
      visit 'ticket/create'

      within(:active_content) do
        use_template(template)
        yield if block_given?
      end
    end

    # Wait until the security options check AJAX call is ready: both buttons
    # are expected to come up active.
    def await_active_security_options
      expect(page).to have_css('div.js-securityEncrypt.btn--active')
      expect(page).to have_css('div.js-securitySign.btn--active')
    end

    # Submits the form, waits for the single created article and checks that
    # both the article meta labels and the stored security result agree with
    # the requested combination. A flag that is expected to be off must be
    # stored as nil, a flag that is expected to be on as true.
    #
    # The hash lookups are deliberately not nil-safe: an article without a
    # stored security result raises instead of satisfying `be_nil`.
    def submit_and_expect_security(signed:, encrypted:)
      click '.js-submit'
      expect(page).to have_css('.ticket-article-item', count: 1)

      open_article_meta

      expect(page).to(signed ? have_css('span', text: 'Signed') : have_no_css('span', text: 'Signed'))
      expect(page).to(encrypted ? have_css('span', text: 'Encrypted') : have_no_css('span', text: 'Encrypted'))

      stored = Ticket::Article.last.preferences['security']

      expect(stored['encryption']['success']).to(encrypted ? be(true) : be_nil)
      expect(stored['sign']['success']).to(signed ? be(true) : be_nil)
    end

    # Integration enabled but no key material: neither option may be active
    # and the created article must be neither signed nor encrypted.
    shared_examples 'hiding security options' do
      let!(:template) { create(:template, :dummy_data) }
      # NOTE(review): `true` presumably makes the authentication hook fall back
      # to a default user - confirm in the `authenticated_as` support code.
      let(:current_user) { true }

      it 'hides security options' do
        with_templated_create_form do
          # A negative CSS assertion is satisfied as soon as the element is
          # absent, so on its own it cannot tell "hidden" from "not rendered
          # yet". The stored result checked after submitting is the stronger
          # signal that nothing was signed or encrypted.
          expect(page).to have_no_css('div.js-securityEncrypt.btn--active')
          expect(page).to have_no_css('div.js-securitySign.btn--active')

          submit_and_expect_security(signed: false, encrypted: false)
        end
      end
    end

    # Sender private key and recipient public key/certificate are present:
    # every combination of signing and encryption must be selectable and must
    # be reflected in the stored result.
    shared_examples 'supporting all security options' do
      let(:current_user)  { agent }
      let!(:template)     { create(:template, :dummy_data, group: group, owner: agent, customer: customer) }

      let(:email_address) { create(:email_address, email: system_email_address) }
      let(:group)         { create(:group, email_address: email_address) }
      let(:agent_groups)  { [group] }
      let(:agent)         { create(:agent, groups: agent_groups) }
      let(:customer)      { create(:customer, email: recipient_email_address) }

      it 'sends a plain article' do
        with_templated_create_form do
          await_active_security_options

          # Deactivate encryption and signing.
          click '.js-securityEncrypt'
          click '.js-securitySign'

          submit_and_expect_security(signed: false, encrypted: false)
        end
      end

      it 'sends a signed article' do
        with_templated_create_form do
          await_active_security_options

          # Deactivate encryption only.
          click '.js-securityEncrypt'

          submit_and_expect_security(signed: true, encrypted: false)
        end
      end

      it 'sends an encrypted article' do
        with_templated_create_form do
          await_active_security_options

          # Deactivate signing only.
          click '.js-securitySign'

          submit_and_expect_security(signed: false, encrypted: true)
        end
      end

      it 'sends a signed and encrypted article' do
        with_templated_create_form do
          await_active_security_options

          submit_and_expect_security(signed: true, encrypted: true)
        end
      end
    end

    # Per-group defaults from the integration config decide which options are
    # pre-selected. Without a config entry both options are expected active.
    shared_examples 'supporting group default behavior' do
      let(:current_user)  { agent }
      let!(:template)     { create(:template, :dummy_data, group: group, owner: agent, customer: customer) }

      let(:email_address) { create(:email_address, email: system_email_address) }
      let(:group)         { create(:group, email_address: email_address) }
      let(:agent_groups)  { [group] }
      let(:agent)         { create(:agent, groups: agent_groups) }
      let(:customer)      { create(:customer, email: recipient_email_address) }

      let(:integration_config) { {} }

      shared_examples 'security defaults example' do |sign:, encrypt:|
        it "security defaults sign: #{sign}, encrypt: #{encrypt}" do
          within(:active_content) do
            # NOTE(review): where a flag is expected to be off, the negative
            # assertion can already hold before the options check has
            # answered - confirm the buttons are not rendered inactive first.
            expect(page).to(
              sign ? have_css('.js-securitySign.btn--active') : have_no_css('.js-securitySign.btn--active')
            )
            expect(page).to(
              encrypt ? have_css('.js-securityEncrypt.btn--active') : have_no_css('.js-securityEncrypt.btn--active')
            )
          end
        end
      end

      # Defaults of the group that the template selects.
      shared_examples 'security defaults' do |sign:, encrypt:|
        before { with_templated_create_form }

        include_examples 'security defaults example', sign: sign, encrypt: encrypt
      end

      # Defaults of `new_group`, selected after the template was applied.
      shared_examples 'security defaults group change' do |sign:, encrypt:|
        before do
          with_templated_create_form do
            set_tree_select_value('group_id', new_group.name)
          end
        end

        include_examples 'security defaults example', sign: sign, encrypt: encrypt
      end

      context 'when not configured' do
        it_behaves_like 'security defaults', sign: true, encrypt: true
      end

      context 'when configuration is present' do
        let(:integration_config) { { 'group_id' => group_defaults } }

        # Both maps are keyed by the group id as a string.
        let(:group_defaults) do
          {
            'default_encryption' => { group.id.to_s => default_encryption },
            'default_sign'       => { group.id.to_s => default_sign },
          }
        end

        let(:default_sign)       { true }
        let(:default_encryption) { true }

        shared_examples 'sign and encrypt variations' do |examples_name|
          it_behaves_like examples_name, sign: true, encrypt: true

          context 'when no value present' do
            let(:group_defaults) { {} }

            it_behaves_like examples_name, sign: true, encrypt: true
          end

          context 'when signing is disabled' do
            let(:default_sign) { false }

            it_behaves_like examples_name, sign: false, encrypt: true
          end

          context 'when encryption is disabled' do
            let(:default_encryption) { false }

            it_behaves_like examples_name, sign: true, encrypt: false
          end
        end

        context 'with the same group' do
          it_behaves_like 'sign and encrypt variations', 'security defaults'
        end

        context 'with a group change' do
          let(:new_group)    { create(:group, email_address: email_address) }
          let(:agent_groups) { [group, new_group] }

          # Only the new group carries defaults here.
          let(:group_defaults) do
            {
              'default_encryption' => { new_group.id.to_s => default_encryption },
              'default_sign'       => { new_group.id.to_s => default_sign },
            }
          end

          it_behaves_like 'sign and encrypt variations', 'security defaults group change'
        end
      end
    end

    context 'with PGP integration' do
      # `integration_config` only exists where the including examples define
      # it, hence the `defined?` guard.
      let(:integration_settings) do
        Setting.set('pgp_integration', true)
        Setting.set('pgp_config', integration_config) if defined?(integration_config)
      end

      context 'with no key present' do
        it_behaves_like 'hiding security options'
      end

      context 'with recipient public key and sender private key present' do
        let(:system_email_address)    { 'pgp1@example.com' }
        let(:recipient_email_address) { 'pgp2@example.com' }

        before do
          # Sender key with private part, recipient key without.
          create(:'pgp_key/pgp1@example.com', :with_private)
          create(:'pgp_key/pgp2@example.com')
        end

        it_behaves_like 'supporting all security options'
        it_behaves_like 'supporting group default behavior'
      end
    end

    context 'with S/MIME integration' do
      # `integration_config` only exists where the including examples define
      # it, hence the `defined?` guard.
      let(:integration_settings) do
        Setting.set('smime_integration', true)
        Setting.set('smime_config', integration_config) if defined?(integration_config)
      end

      context 'with no certificate nor key present' do
        it_behaves_like 'hiding security options'
      end

      context 'with recipient public certificate and sender private key present' do
        let(:system_email_address)    { 'smime1@example.com' }
        let(:recipient_email_address) { 'smime2@example.com' }

        before do
          # Sender certificate with private key, recipient certificate without.
          create(:smime_certificate, :with_private, fixture: system_email_address)
          create(:smime_certificate, fixture: recipient_email_address)
        end

        it_behaves_like 'supporting all security options'
        it_behaves_like 'supporting group default behavior'
      end
    end

    context 'with both PGP and S/MIME integration' do
      # Only the two integration switches are set; no `*_config` is applied in
      # this context.
      let(:integration_settings) do
        Setting.set('pgp_integration', true)
        Setting.set('smime_integration', true)
      end

      shared_examples 'showing security type switcher' do
        let!(:template)    { create(:template, :dummy_data) }
        let(:current_user) { true }

        it 'shows security type switcher' do
          with_templated_create_form do
            expect(page).to have_css('.btn', text: 'PGP')
            expect(page).to have_css('.btn.btn--active', text: 'S/MIME') # preferred
          end
        end
      end

      context 'with no certificates nor keys present' do
        it_behaves_like 'showing security type switcher'
      end

      context 'with certificates and keys present' do
        let(:system_email_address)    { 'pgp+smime-sender@example.com' }
        let(:recipient_email_address) { 'pgp+smime-recipient@example.com' }

        let(:current_user)  { agent }
        let!(:template)     { create(:template, :dummy_data, group: group, owner: agent, customer: customer) }

        let(:email_address) { create(:email_address, email: system_email_address) }
        let(:group)         { create(:group, email_address: email_address) }
        let(:agent_groups)  { [group] }
        let(:agent)         { create(:agent, groups: agent_groups) }
        let(:customer)      { create(:customer, email: recipient_email_address) }

        before do
          # Key material for both mechanisms, for sender and recipient alike.
          create(:'pgp_key/pgp+smime-sender@example.com', :with_private)
          create(:'pgp_key/pgp+smime-recipient@example.com')
          create(:smime_certificate, :with_private, fixture: system_email_address)
          create(:smime_certificate, fixture: recipient_email_address)
        end

        # After each switch the hover titles must name the mechanism that is
        # now in use, so a stale result from the other one would be noticed.
        shared_examples 'switching between security types' do
          it 'switches between security types' do
            within(:active_content) do
              click '.btn', text: 'PGP'
              await_active_security_options

              expect(page).to have_css('.btn.btn--active', text: 'PGP')
              expect(page).to have_no_css('.btn.btn--active', text: 'S/MIME')

              expect(find('.js-securityEncryptComment')['title'])
                .to eq('The PGP keys for pgp+smime-recipient@example.com were found.')
              expect(find('.js-securitySignComment')['title'])
                .to eq('The PGP key for pgp+smime-sender@example.com was found.')

              click '.btn', text: 'S/MIME'
              await_active_security_options

              expect(page).to have_no_css('.btn.btn--active', text: 'PGP')
              expect(page).to have_css('.btn.btn--active', text: 'S/MIME')

              expect(find('.js-securityEncryptComment')['title'])
                .to eq('The certificates for pgp+smime-recipient@example.com were found.')
              expect(find('.js-securitySignComment')['title'])
                .to eq('The certificate for pgp+smime-sender@example.com was found.')
            end
          end
        end

        it_behaves_like 'showing security type switcher'

        context 'when customer selection is based on template' do
          before { with_templated_create_form }

          it_behaves_like 'switching between security types'
        end

        context 'when customer selection is based on manual selection' do
          before do
            visit 'ticket/create'

            within(:active_content) do
              click '.tab', text: 'Send Email'

              # Pick the customer through the recipient autocompletion instead
              # of a template.
              find('[name=customer_id_completion]').fill_in with: customer.firstname
              find("li.recipientList-entry.js-object[data-object-id='#{customer.id}']").click
            end
          end

          it_behaves_like 'switching between security types'
        end
      end
    end
  end